Hacking Official Corbenik - Another CFW for advanced users (with bytecode patches!)

  • Thread starter: chaoskagami
@chaoskagami, sorry I didn't mean attention as in like glory seeking. I meant other CFW projects are slowing down (Luma3DS, ReiNAND, Cakes) so forum surfers will be watching your CFW thread closely as we are all peasants who want something new to experience on our 3DS. Bad choice of wording on my part.

--------------------- MERGED ---------------------------



you probably already have patched AGB/TWL cias installed to NAND.
I don't have any patches on my NAND, I removed them after Luma3DS added patches.
 
https://github.com/chaoskagami/corbenik/wiki/Features

Only Luma3DS and CakesFW currently have AGB/TWL patching
That's actually rather odd, despite me having removed them before, they were still there. I removed them again and now the games don't work.
I most likely restored an older NAND at one point that still had the patches and didn't even think about it.
edit: Also SaltFW also supports AGB/TWL patching
 
Last edited by The Catboy,
I don't have any patches on my NAND, I removed them after Luma3DS added patches.

I'm not fixing the signature checks here at runtime due to lack of reboot, so twl and agb shouldn't be booting unsigned titles unless you have them altered on NAND. Luma does the reboot patch automatically and fixes them at runtime by loading the arm9loaderhax.bin/Luma3ds.dat. It also uses static offsets for this rather than memsearch, so it's entirely possible for the result post-patch to be identical.

@chaoskagami, sorry I didn't mean attention as in like glory seeking. I meant other CFW projects are slowing down (Luma3DS, ReiNAND, Cakes) so forum surfers will be watching your CFW thread closely as we are all peasants who want something new to experience on our 3DS. Bad choice of wording on my part.

Ah, okay. I get it. We all misspeak sometimes. :D

Correction though - Luma is still adding bits at a constant rate (in a user friendly manner of course), ReiNAND is pretty stable unless ninty breaks shit next update and cakes is also rock-solid stable. Software doesn't need frequent updates if it isn't broken.

Reboot is almost done. It's somewhat of a bastard hybrid of Cakes and Luma's reboot code. Don't ask. I need to verify everything works properly before I push, and this involves removing my modified TWL and AGB first. =_=

EDIT:

That's actually rather odd, despite me having removed them before, they were still there. I removed them again and now the games don't work.
I most likely restored an older NAND at one point that still had the patches and didn't even think about it.
edit: Also SaltFW also supports AGB/TWL patching

I thought the table would get a bit long if I added every CFW, so I decided to limit to 'popular' ones. More people are using SaltFW now, so maybe I should add it.
 
Last edited by chaoskagami,
I'm not fixing the signature checks here at runtime due to lack of reboot, so twl and agb shouldn't be booting unsigned titles unless you have them altered on NAND. Luma does the reboot patch automatically and fixes them at runtime by loading the arm9loaderhax.bin/Luma3ds.dat. It also uses static offsets for this rather than memsearch, so it's entirely possible for the result post-patch to be identical.



Ah, okay. I get it. We all misspeak sometimes. :D

Correction though - Luma is still adding bits at a constant rate (in a user friendly manner of course), ReiNAND is pretty stable unless ninty breaks shit next update and cakes is also rock-solid stable. Software doesn't need frequent updates if it isn't broken.

Reboot is almost done. It's somewhat of a bastard hybrid of Cakes and Luma's reboot code. Don't ask. I need to verify everything works properly before I push, and this involves removing my modified TWL and AGB first. =_=
That's actually rather odd, despite me having removed them before, they were still there. I removed them again and now the games don't work.
I most likely restored an older NAND at one point that still had the patches and didn't even think about it.
edit: Also SaltFW also supports AGB/TWL patching

I am not sure when, but at some point I must have restored an older NAND with the patches still installed and didn't remove them.
 
Wow, this thing has some real potential. Lack of reboot is a bit of a dealbreaker for me at the moment, but once it gets implemented, I think I might switch over from Luma. Good job on the project!

EDIT: Hmm, is there a reason you're not using Markdown for the Github readme?
 
Last edited by TheReturningVoid,
Wow, this thing has some real potential. Lack of reboot is a bit of a dealbreaker for me at the moment, but once it gets implemented, I think I might switch over from Luma. Good job on the project!

EDIT: Hmm, is there a reason you're not using Markdown for the Github readme?

The github README is copied to the release zips. I could make it markdown, but unless I'm careful markdown != text file. Aside from that most of the actual documentation is on the Wiki.

Reboot is in the works. I'm squashing some remaining issues on it now and doing general cleanup, but technically it does hook reboots now. It just isn't working to my standards yet, so wait a little longer?
 
The github README is copied to the release zips. I could make it markdown, but unless I'm careful markdown != text file. Aside from that most of the actual documentation is on the Wiki.

Reboot is in the works. I'm squashing some remaining issues on it now and doing general cleanup, but technically it does hook reboots now. It just isn't working to my standards yet, so wait a little longer?
Oh, it's already nearly done? Nice! I'm really liking this project so far.
 
By the way I've tested the "Force TestMenu" patch (with Luma's injector) for personal use:

You're looking for a BL instruction, and that doesn't work well on different versions of NS due to offsets being changed between versions of NS/APT.

As @Steveice10 suggested you should do the following instead:

Code:
find 1b00000abc009fe5
fwd 4
 
By the way I've tested the "Force TestMenu" patch (with Luma's injector) for personal use:

You're looking for a BL instruction, and that doesn't work well on different versions of NS due to offsets being changed between versions of NS/APT.

As @Steveice10 suggested you should do the following instead:

Code:
find 1b00000abc009fe5
fwd 4

I quickly adapted said patch from Rei's pastes for testing.

You're correct, though, searching against a relative bl isn't a good idea.

EDIT: This code is much more reliable. It'll be in next version.

EDIT 2: Reboot seems to be fully working now. The code is still messy though - like I said, it's a bastard hybrid of Luma and Cakes. Namely, I'm using Cakes' reboot method (saving prepatched firms) but I'm using Luma's offset fixing code (for the most part.)

There's also no patches yet. 'Error has occured' on unsigned titles when my NAND is patched is a pretty good way to tell what it's booting, after all.

Once I implement TWL/AGB patches, this will be pushed to master and I'll make another release.
 
Last edited by chaoskagami,
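Added example, not part of the original posts and not Corbenik's code: a C sketch of why a search key containing a relative BL breaks when code moves between builds, while the byte anchor quoted above followed by `fwd 4` still lands on the same instruction. The `find`/`fwd` semantics, the load address, the call target and both images are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Anchor bytes quoted in the post: find 1b00000abc009fe5 */
static const uint8_t ANCHOR[8] = {0x1b, 0x00, 0x00, 0x0a, 0xbc, 0x00, 0x9f, 0xe5};

/* A32 BL placed at address pc and calling target: the offset is PC-relative. */
uint32_t arm_bl(uint32_t pc, uint32_t target) {
    return 0xEB000000u | (((target - (pc + 8u)) >> 2) & 0x00FFFFFFu);
}

/* Assumed 'find' semantics: offset of the first match, or -1 if absent. */
long find_bytes(const uint8_t *buf, size_t len, const uint8_t *pat, size_t plen) {
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0) return (long)i;
    return -1;
}

/* Constructed image: pad filler bytes, the anchor, then a BL to target (caller
   ensures pad + 12 <= len). base is a hypothetical load address. Returns the BL word. */
uint32_t build_image(uint8_t *img, size_t len, size_t pad, uint32_t base, uint32_t target) {
    memset(img, 0, len);
    memcpy(img + pad, ANCHOR, sizeof ANCHOR);
    uint32_t bl = arm_bl(base + (uint32_t)pad + 8u, target);
    for (int i = 0; i < 4; i++)
        img[pad + 8 + i] = (uint8_t)(bl >> (8 * i)); /* little-endian store */
    return bl;
}

/* Assumed 'find' then 'fwd n': cursor starts at the match and moves n bytes
   forward; -1 if the anchor is missing or the cursor would leave the image. */
long locate(const uint8_t *img, size_t len, size_t fwd) {
    long at = find_bytes(img, len, ANCHOR, sizeof ANCHOR);
    if (at < 0 || (size_t)at + fwd >= len) return -1;
    return at + (long)fwd;
}

int main(void) {
    uint8_t v1[64], v2[64]; /* same routine, shifted by 12 bytes in "version 2" */
    uint32_t bl1 = build_image(v1, sizeof v1, 16, 0x00100000u, 0x00104000u);
    uint32_t bl2 = build_image(v2, sizeof v2, 28, 0x00100000u, 0x00104000u);
    printf("BL word: v1=%08x v2=%08x\n", (unsigned)bl1, (unsigned)bl2);
    printf("find+fwd 4: v1=%ld v2=%ld\n", locate(v1, sizeof v1, 4), locate(v2, sizeof v2, 4));
    return 0;
}
```

The call target is identical in both images, yet the BL word differs because the caller moved, so a key taken from one build is absent from the other.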
I'm making another release now with the caveat that reboot and the TWL/AGB patch is probably incredibly buggy, and that there's probably another one incoming once I get flooded with issues.

The AGB patch is for both new/old (it figures it out at runtime) while TWL is split at the moment by type (because there's no labelling in the assembler at the moment, and it was pain enough to do agb without that.) Both require 'Reboot' to be turned on in options, so please do so.

Your mileage may vary, etc. I don't have an o3DS to test largemem titles on, so somebody else will have to test it.
 
The github README is copied to the release zips. I could make it markdown, but unless I'm careful markdown != text file. Aside from that most of the actual documentation is on the Wiki.

Reboot is in the works. I'm squashing some remaining issues on it now and doing general cleanup, but technically it does hook reboots now. It just isn't working to my standards yet, so wait a little longer?

Markdown is perfectly readable as text-only. It just looks less fancy than with styling.

Still, awesome work! I'll switch to Corbenik when I find the time to move my EmuNAND to SysNAND.
 
Markdown is perfectly readable as text-only. It just looks less fancy than with styling.

Still, awesome work! I'll switch to Corbenik when I find the time to move my EmuNAND to SysNAND.

It supports emunand, so you could use it now if you wanted. SysNAND is all around better though.

For the most part, MD is valid as text. However, not all text is markdown, and there are major formatting problems if I rename to MD at the moment. I'd have to waste a commit fixing it (again) so I'll just wait till I need to update the readme. Also, md links are the one thing not readable. (name)[https://link]

Also, my microSD is failing. Again. They only survive about 300 insert-remove cycles before they start to fail. They start to warp a bit.

At this point, I'm buying one of those fancy cables that you plug into a microSD slot - they have a normal SD adapter on the other side. I'd like UHS-3 speeds and not to kill any more 128GB microSD cards. I'm going to run it under my back faceplate and tape it to my top back. =_=

Relevant because if my SD doesn't cooperate then things are going to be slower to get done.
 
Last edited by chaoskagami,
I'm making another release now with the caveat that reboot and the TWL/AGB patch is probably incredibly buggy, and that there's probably another one incoming once I get flooded with issues.

The AGB patch is for both new/old (it figures it out at runtime) while TWL is split at the moment by type (because there's no labelling in the assembler at the moment, and it was pain enough to do agb without that.) Both require 'Reboot' to be turned on in options, so please do so.

Your mileage may vary, etc. I don't have an o3DS to test largemem titles on, so somebody else will have to test it.
Reboot patches for largemem games work for me. Was able to launch Smash and played a couple of games~ <3

Not sure on the TWL/AGB though. I haven't tested that.
 
Reboot patches for largemem games work for me. Was able to launch Smash and played a couple of games~ <3

Not sure on the TWL/AGB though. I haven't tested that.

Nice. If reboot is working, that's the important part. The patches are easy to rewrite if they don't.
 
I'm consistently getting "reboot: hook not found on SD". First time I tried to launch SSB I got the "SD card has been removed error", then corbenik completely crashed every time it tried to boot (after some svc related message), and now it hangs on this screen.

As always, O3DS.
 
I'm consistently getting "reboot: hook not found on SD". First time I tried to launch SSB I got the "SD card has been removed error", then corbenik completely crashed every time it tried to boot (after some svc related message), and now it hangs on this screen.

As always, O3DS.

You're missing /corbenik/bits/reboot_hook.bin. The reboot binaries aren't inside the arm9loaderhax.bin. They're on the SD. You need to unpack everything from the zip / copy all the files. Including bytecode, since it changed again.

I have no idea why the Svc hangup happens. I've seen it too, and every time I attempt to debug it I just can't find the cause. It might be SD related.
 
Last edited by chaoskagami,
Still hangs at "Svc: table at 24037728" with regular patches.
Disabling all of them (even the regular signature patches) appears to have fixed the issue, and at least SSB runs fine.

EDIT: For some reason after enabling AGB/TWL patches, regular signature patches are gone.
Also, is Corbenik creating /test? I don't have a hex editor handy, but it appears to be created after running it.
 
Last edited by Wolfvak,
Still hangs at "Svc: table at 24037728" with regular patches.
Disabling all of them (even the regular signature patches) appears to have fixed the issue, and at least SSB runs fine.

I've yet to figure out what causes the Svc hangup but I suspect a bad SD.

There's literally nothing between the "Svc: table at" and the next fprintf that should be crashing unless it's fatfs-related.

--------------------- MERGED ---------------------------

EDIT: For some reason after enabling AGB/TWL patches, regular signature patches are gone.
Also, is Corbenik creating /test? I don't have a hex editor handy, but it appears to be created after running it.

Ah, fuck. Forgot to remove testing code. Hang on a sec. That was when I was making sure the reboot stuff was properly injected. I was dumping the region I'm injecting code to make sure it was right.

As for regular signature patches being gone, that shouldn't be happening.
 
Last edited by chaoskagami,
I noticed a thing
when entering the software management for 3ds, the console hangs and crashes
 
